‼ CVE-2023-21583 ‼
📖 Read
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40021 ‼
📖 Read
via "National Vulnerability Database".
QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22238 ‼
📖 Read
via "National Vulnerability Database".
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21593 ‼
📖 Read
via "National Vulnerability Database".
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21574 ‼
📖 Read
via "National Vulnerability Database".
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
🕴 Is OWASP at Risk of Irrelevance? 🕴
📖 Read
via "Dark Reading".
A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.📖 Read
via "Dark Reading".
Dark Reading
Is OWASP at Risk of Irrelevance?
A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.
‼ CVE-2021-32845 ‼
📖 Read
via "National Vulnerability Database".
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32843 ‼
📖 Read
via "National Vulnerability Database".
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32846 ‼
📖 Read
via "National Vulnerability Database".
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32844 ‼
📖 Read
via "National Vulnerability Database".
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40348 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0901 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0914 ‼
📖 Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0915 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0916 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0917 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0918 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0919 ‼
📖 Read
via "National Vulnerability Database".
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2012-10007 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26093 ‼
📖 Read
via "National Vulnerability Database".
Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48328 ‼
📖 Read
via "National Vulnerability Database".
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.📖 Read
via "National Vulnerability Database".
👍1